diff --git a/main/document/edit_document.php b/main/document/edit_document.php index b223954ddd..c946b0d67b 100644 --- a/main/document/edit_document.php +++ b/main/document/edit_document.php @@ -1,9 +1,9 @@ -Debug info
directory = $dir
"; $message .= "document = $file_name
"; $message .= "comments file = " . $file . "
"; //Display::display_normal_message($message); -while($row = mysql_fetch_array($result, MYSQL_ASSOC)) +while($row = Database::fetch_array($result, MYSQL_ASSOC)) { $oldComment = $row['comment']; $oldTitle = $row['title']; @@ -509,18 +510,35 @@ else $form->addElement('hidden','renameTo'); } +if($extension == "htm" || $extension == "html") +{ + $form->addElement('hidden','formSent'); + $defaults['formSent'] = 1; + $form->addElement('submit','submit',get_lang('Ok')); + $form->add_html_editor('texte','',false,true); + $defaults['texte'] = $texte; +} +if(!$group_document) +{ + $metadata_link = ''.get_lang('AddMetadata').''; + $form->addElement('static',null,get_lang('Metadata'),$metadata_link); +} + +$form->addElement('textarea','newComment',get_lang('Comment'),'rows="3" style="width:300px;"'); + // readonly $sql = 'SELECT id, readonly FROM '.$dbTable.' WHERE path LIKE BINARY "'.$dir.$doc.'"'; $rs = api_sql_query($sql, __FILE__, __LINE__); -$readonly = mysql_result($rs,0,'readonly'); -$doc_id = mysql_result($rs,0,'id'); +$readonly = Database::result($rs,0,'readonly'); +$doc_id = Database::result($rs,0,'id'); // owner $sql = 'SELECT insert_user_id FROM '.Database::get_course_table(TABLE_ITEM_PROPERTY).' WHERE tool LIKE "document" AND ref='.intval($doc_id); $rs = api_sql_query($sql, __FILE__, __LINE__); -$owner_id = mysql_result($rs,0,'insert_user_id'); +$owner_id = Database::result($rs,0,'insert_user_id'); + if($owner_id != $_user['user_id']) { $form->addElement('hidden','readonly'); 
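Review bot: The `// readonly` lookup still builds its SQL by concatenating `$dir.$doc` into the `LIKE BINARY` string, and the new `Database::result($rs,0,...)` calls read row 0 without checking that the query matched anything. Where `$dir` and `$doc` come from is outside this hunk, so the risk is inferred, but if either derives from request data this is an injection point, and `%`/`_` in the value also act as wildcards. Escaping at the point of use makes the query safe regardless of the caller, e.g. `WHERE path LIKE BINARY "'.Database::escape_string($dir.$doc).'"'` (assuming that helper is available in this tree). A row-count check before the two `Database::result` calls would also avoid deriving `$doc_id` from an empty result; the owner query below already applies `intval($doc_id)`, which is the right pattern.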
@@ -533,20 +551,10 @@ else } $defaults['readonly']=$readonly; -if($extension == "htm" || $extension == "html") -{ - $form->addElement('hidden','formSent'); - $defaults['formSent'] = 1; - $form->addElement('submit','submit',get_lang('Ok')); - $form->add_html_editor('texte','',false,true); - $defaults['texte'] = $texte; -} -if(!$group_document) -{ - $metadata_link = ''.get_lang('AddMetadata').''; - $form->addElement('static',null,get_lang('Metadata'),$metadata_link); -} -$form->addElement('textarea','newComment',get_lang('Comment'),'rows="3" style="width:300px;"'); + + + + $form->addElement('submit','submit',get_lang('Ok')); $defaults['filename'] = $filename; $defaults['extension'] = $extension; diff --git a/main/document/headerpage.php b/main/document/headerpage.php index f637e314df..a1613aedae 100644 --- a/main/document/headerpage.php +++ b/main/document/headerpage.php @@ -9,16 +9,14 @@ $language_file = 'document'; include('../inc/global.inc.php'); - $noPHP_SELF=true; + $header_file= Security::remove_XSS($_GET['file']); + $path_array=explode('/',str_replace('\\','/',$header_file)); + $path_array = array_map('urldecode',$path_array); + + $header_file=implode('/',$path_array); - $path_array=explode('/',str_replace('\\','/',$_GET['file'])); - - $path_array = array_map('urlencode',$path_array); - - $_GET['file']=implode('/',$path_array); - - $nameTools = $_GET['file']; + $nameTools = $header_file; if(isset($_SESSION['_gid']) && $_SESSION['_gid']!='') { 
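Review bot: In the headerpage.php hunk, `Security::remove_XSS()` runs before `array_map('urldecode', ...)`, so the value is filtered in its encoded form and decoded afterwards; anything still percent-encoded when the filter ran reaches `$header_file` unfiltered. PHP has already decoded `$_GET['file']` once, so this is a second decode of request-controlled input. Decode first and filter last, e.g. `$header_file = Security::remove_XSS(implode('/', $path_array));` placed after the `urldecode` map, which matches the order showinframes.php uses in this same commit (`Security::remove_XSS(urldecode($_GET['file']))`). The value feeds `$nameTools` and the breadcrumb entries, so it should also be HTML-escaped where it is printed unless `Display::display_header` already does that, which is not visible here.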
@@ -26,12 +24,12 @@ $language_file = 'document'; $interbreadcrumb[]= array ("url"=>"../group/group_space.php?gidReq=".$_SESSION['_gid'], "name"=> get_lang('GroupSpace')); } - $interbreadcrumb[]= array ("url"=>"./document.php?curdirpath=".dirname($_GET['file']).$req_gid, "name"=> $langDocuments); - $interbreadcrumb[]= array ("url"=>"showinframes.php?file=".$_GET['file'], "name"=> $_GET['file']); + $interbreadcrumb[]= array ("url"=>"./document.php?curdirpath=".dirname($header_file).$req_gid, "name"=> $langDocuments); + $interbreadcrumb[]= array ("url"=>"showinframes.php?file=".$header_file, "name"=>$header_file); Display::display_header(null,"Doc"); echo "
"; - echo "".$lang_cut_paste_link."
"; + echo "".$lang_cut_paste_link.""; ?> \ No newline at end of file diff --git a/main/document/showinframes.php b/main/document/showinframes.php index 0491b9357b..c91e8140f9 100644 --- a/main/document/showinframes.php +++ b/main/document/showinframes.php @@ -1,4 +1,4 @@ -"./document.php", "name"=> get_lang("Documents")); -$nameTools = get_lang("Documents"); - -$file = $_GET['file']; +$interbreadcrumb[]= array ('url'=>'./document.php', 'name'=> get_lang('Documents')); +$nameTools = get_lang('Documents'); +$file = Security::remove_XSS(urldecode($_GET['file'])); /* ============================================================================== @@ -74,14 +84,18 @@ header('Last-Modified: Wed, 01 Jan 2100 00:00:00 GMT'); header('Cache-Control: no-cache, must-revalidate'); header('Pragma: no-cache'); -$browser_display_title = "Dokeos Documents - " . $_GET['cidReq'] . " - " . $_GET['file']; +$browser_display_title = "Dokeos Documents - " . $_GET['cidReq'] . " - " . $file; //only admins get to see the "no frames" link in pageheader.php, so students get a header that's not so high $frameheight = 130; if($is_courseAdmin) { - $frameheight = 150; + $frameheight = 150; } +$file_root=$_course['path'].'/document'.str_replace('%2F', '/',$file); +$file_url_sys=api_get_path('SYS_COURSE_PATH').$file_root; +$file_url_web=api_get_path('WEB_COURSE_PATH').$file_root; + ?> @@ -89,8 +103,17 @@ if($is_courseAdmin) <?php echo $browser_display_title;?> - - + + '; + } + else + { + echo ''; + } + ?> <body> <p>This page uses frames, but your browser doesn't support them.<br/>
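Review bot: The two breadcrumb URLs in headerpage.php now append the decoded `$header_file` straight into the query string, whereas the removed code passed every path segment through `urlencode`. A file name containing `&`, `#`, `+` or a space will produce a broken link or change the parameters the target page receives. Encode at the point of use, `"showinframes.php?file=".urlencode($header_file)` and `"./document.php?curdirpath=".urlencode(dirname($header_file)).$req_gid`, and use the decoded form only for the `"name"` label.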
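Review bot: In showinframes.php (hunk `@@ -74,14 +84,18 @@`), `$browser_display_title` still concatenates the raw `$_GET['cidReq']` even though `$file` is now filtered, and the title is echoed into the page head further down. Filter it the same way, `Security::remove_XSS($_GET['cidReq'])`, or take the course code from the already validated `$_course` data if it is available there. The new `$file_root` is also built from the request-supplied `$file` with no check for `..` segments, and `Security::remove_XSS` is not a path filter. How `$file_url_sys` is consumed lies in the following hunk, which is not fully readable here, but resolving it with `realpath()` and confirming the result stays under the course `document` directory before any filesystem access would be the safe default.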